package io.gravitee.am.gateway.handler.common.auth.idp.impl;

import io.gravitee.am.common.event.EventManager;
import io.gravitee.am.common.event.IdentityProviderEvent;
import io.gravitee.am.gateway.handler.common.auth.idp.IdentityProviderManager;
import io.gravitee.am.gateway.handler.common.certificate.CertificateManager;
import io.gravitee.am.identityprovider.api.AuthenticationProvider;
import io.gravitee.am.identityprovider.api.UserProvider;
import io.gravitee.am.identityprovider.api.oidc.OpenIDConnectConfigurationUtils;
import io.gravitee.am.model.Domain;
import io.gravitee.am.model.IdentityProvider;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.common.event.Payload;
import io.gravitee.am.monitoring.provider.GatewayMetricProvider;
import io.gravitee.am.plugins.idp.core.AuthenticationProviderConfiguration;
import io.gravitee.am.plugins.idp.core.IdentityProviderPluginManager;
import io.gravitee.am.repository.management.api.IdentityProviderRepository;
import io.gravitee.common.event.Event;
import io.gravitee.common.event.EventListener;
import io.gravitee.common.service.AbstractService;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:io/gravitee/am/gateway/handler/common/auth/idp/impl/IdentityProviderManagerImpl.class */
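/**
 * Keeps the identity providers of one {@link Domain} deployed in memory.
 *
 * <p>Three maps, all keyed by identity provider id, hold the deployed state: the
 * {@link AuthenticationProvider} instances, the {@link IdentityProvider} definitions they were
 * built from, and the optional {@link UserProvider} instances. Entries are loaded once in
 * {@link #afterPropertiesSet()} and then kept in sync through {@link IdentityProviderEvent}s
 * received in {@link #onEvent(Event)}.
 *
 * <p>Events and the initial load are restricted to {@code ReferenceType.DOMAIN} entries whose
 * reference id is this domain's id; see the review note on
 * {@link #reloadIdentityProvidersWithCertificate(String)} for the one path that is not.
 */
public class IdentityProviderManagerImpl extends AbstractService implements IdentityProviderManager, InitializingBean, EventListener<IdentityProviderEvent, Payload> {
    private static final Logger logger = LoggerFactory.getLogger(IdentityProviderManagerImpl.class);

    @Autowired
    private Domain domain;

    @Autowired
    private IdentityProviderPluginManager identityProviderPluginManager;

    @Autowired
    private IdentityProviderRepository identityProviderRepository;

    @Autowired
    private EventManager eventManager;

    @Autowired
    private CertificateManager certificateManager;

    @Autowired
    private GatewayMetricProvider gatewayMetricProvider;

    // Deployed state, keyed by identity provider id. The three maps are updated together in
    // forceUpdateAuthenticationProvider() and emptied together in clearProvider().
    private final ConcurrentMap<String, AuthenticationProvider> providers = new ConcurrentHashMap<>();
    private final ConcurrentMap<String, IdentityProvider> identities = new ConcurrentHashMap<>();
    private final ConcurrentMap<String, UserProvider> userProviders = new ConcurrentHashMap<>();

    /**
     * Looks up the deployed authentication provider for an identity provider id.
     *
     * @param str identity provider id
     * @return the provider, or an empty {@link Maybe} when none is deployed under that id
     */
    @Override
    public Maybe<AuthenticationProvider> get(String str) {
        AuthenticationProvider authenticationProvider = this.providers.get(str);
        return authenticationProvider != null ? Maybe.just(authenticationProvider) : Maybe.empty();
    }

    /**
     * Returns the definition of a deployed identity provider.
     *
     * @param str identity provider id
     * @return the stored definition, or {@code null} when none is deployed under that id
     */
    @Override
    public IdentityProvider getIdentityProvider(String str) {
        return this.identities.get(str);
    }

    /**
     * Looks up the deployed user provider for an identity provider id.
     *
     * @param str identity provider id
     * @return the user provider, or an empty {@link Maybe} when none is registered under that id
     */
    @Override
    public Maybe<UserProvider> getUserProvider(String str) {
        UserProvider userProvider = this.userProviders.get(str);
        return userProvider != null ? Maybe.just(userProvider) : Maybe.empty();
    }

    /**
     * Loads every identity provider of this domain and blocks until the load has finished.
     *
     * <p>A failure is logged and swallowed, so the bean still initializes; providers that were
     * not deployed are then simply absent from the lookups above.
     */
    @Override
    public void afterPropertiesSet() {
        logger.info("Initializing identity providers for domain {}", this.domain.getName());
        try {
            // Wait for completion rather than for the last element: blockingLast() throws
            // NoSuchElementException on an empty stream, which made a domain without any
            // identity provider log a spurious "Unable to initialize" error.
            this.identityProviderRepository
                    .findAll(ReferenceType.DOMAIN, this.domain.getId())
                    .flatMapSingle(this::updateAuthenticationProvider)
                    .doOnNext(identityProvider -> this.gatewayMetricProvider.incrementIdp())
                    .ignoreElements()
                    .blockingAwait();
            logger.info("Identity providers loaded for domain {}", this.domain.getName());
        } catch (Exception e) {
            // NOTE(review): the first provider that fails terminates the stream, so providers
            // after it are not deployed either; this error is the only signal of that.
            logger.error("Unable to initialize identity providers for domain {}", this.domain.getName(), e);
        }
    }

    /** Subscribes this manager to identity provider events for its domain. */
    @Override
    protected void doStart() throws Exception {
        super.doStart();
        logger.info("Register event listener for identity provider events for domain {}", this.domain.getName());
        this.eventManager.subscribeForEvents(this, IdentityProviderEvent.class, this.domain.getId());
    }

    /** Unsubscribes from identity provider events, then stops and forgets every deployed provider. */
    @Override
    protected void doStop() throws Exception {
        super.doStop();
        logger.info("Dispose event listener for identity provider events for domain {}", this.domain.getName());
        this.eventManager.unsubscribeForEvents(this, IdentityProviderEvent.class, this.domain.getId());
        clearProviders();
    }

    /**
     * Applies an identity provider event to the deployed state.
     *
     * <p>Events whose payload is not a {@code DOMAIN} reference to this domain are ignored.
     *
     * @param event the event to apply
     */
    @Override
    public void onEvent(Event<IdentityProviderEvent, Payload> event) {
        Payload payload = event.content();
        boolean forThisDomain = payload.getReferenceType() == ReferenceType.DOMAIN
                && this.domain.getId().equals(payload.getReferenceId());
        if (!forThisDomain) {
            return;
        }
        this.gatewayMetricProvider.incrementIdpEvt();
        IdentityProviderEvent type = event.type();
        switch (type) {
            case DEPLOY:
                // The counter is raised before the deployment below has run, so it also
                // counts deployments that fail afterwards.
                this.gatewayMetricProvider.incrementIdp();
                updateIdentityProvider(payload.getId(), type);
                break;
            case UPDATE:
                updateIdentityProvider(payload.getId(), type);
                break;
            case UNDEPLOY:
                removeIdentityProvider(payload.getId());
                this.gatewayMetricProvider.decrementIdp();
                break;
            default:
                break;
        }
    }

    /**
     * Fetches an identity provider by id and (re)deploys it if needed, logging the outcome.
     *
     * @param id identity provider id taken from the event payload
     * @param eventType event that triggered the update; only used for log messages
     */
    private void updateIdentityProvider(String id, IdentityProviderEvent eventType) {
        String eventName = eventType.toString().toLowerCase();
        logger.info("Domain {} has received {} identity provider event for {}", this.domain.getName(), eventName, id);
        this.identityProviderRepository.findById(id)
                .flatMapSingle(this::updateAuthenticationProvider)
                .subscribe(
                        identityProvider -> logger.info("Identity provider {} {} for domain {}", id, eventName, this.domain.getName()),
                        // The trailing Throwable is picked up by SLF4J as the exception to log.
                        th -> logger.error("Unable to {} identity provider for domain {}", eventName, this.domain.getName(), th),
                        // Completion without a value means the repository had no such id.
                        () -> logger.error("No identity provider found with id {}", id));
    }

    /**
     * Stops and forgets one identity provider in response to an undeploy event.
     *
     * @param id identity provider id
     */
    private void removeIdentityProvider(String id) {
        logger.info("Domain {} has received identity provider event, delete identity provider {}", this.domain.getName(), id);
        clearProvider(id);
    }

    /**
     * Deploys the given identity provider unless an up-to-date copy is already deployed.
     *
     * @param identityProvider definition read from the repository
     * @return a {@link Single} emitting the same definition
     */
    private Single<IdentityProvider> updateAuthenticationProvider(IdentityProvider identityProvider) {
        if (needDeployment(identityProvider)) {
            return forceUpdateAuthenticationProvider(identityProvider);
        }
        logger.debug("\tIdentity provider already initialized: {} [{}]", identityProvider.getName(), identityProvider.getType());
        return Single.just(identityProvider);
    }

    /**
     * Stops any deployed instance of the identity provider and builds a fresh one.
     *
     * <p>The old instance is removed first, so the id resolves to nothing while the new
     * providers are being created, and stays that way if creation fails or yields no
     * authentication provider.
     *
     * @param identityProvider definition to deploy
     * @return a {@link Single} emitting the same definition once the maps are updated
     */
    private Single<IdentityProvider> forceUpdateAuthenticationProvider(IdentityProvider identityProvider) {
        return Single.fromCallable(() -> {
            logger.info("\tInitializing identity provider: {} [{}]", identityProvider.getName(), identityProvider.getType());
            clearProvider(identityProvider.getId());
            return identityProvider;
        }).flatMap(idp -> {
            AuthenticationProvider authenticationProvider = (AuthenticationProvider) this.identityProviderPluginManager.create(
                    new AuthenticationProviderConfiguration(identityProvider, this.certificateManager));
            if (authenticationProvider == null) {
                // Nothing to register; the previous instance has already been cleared above.
                return Single.just(idp);
            }
            // NOTE(review): if the user provider creation below fails, authenticationProvider
            // has not been registered yet, so the clearProvider() call in doOnError cannot
            // stop it. Confirm whether it holds resources that need releasing.
            return this.identityProviderPluginManager
                    .create(identityProvider.getType(), identityProvider.getConfiguration(), identityProvider)
                    .map(userProvider -> {
                        this.providers.put(identityProvider.getId(), authenticationProvider);
                        this.identities.put(identityProvider.getId(), identityProvider);
                        if (userProvider.isPresent()) {
                            this.userProviders.put(identityProvider.getId(), (UserProvider) userProvider.get());
                        } else {
                            this.userProviders.remove(identityProvider.getId());
                        }
                        return idp;
                    });
        }).doOnError(th -> {
            logger.error("An error occurs while initializing the identity provider : {}", identityProvider.getName(), th);
            clearProvider(identityProvider.getId());
        });
    }

    /** Stops and forgets every provider that has an entry in {@code providers}. */
    private void clearProviders() {
        this.providers.keySet().forEach(this::clearProvider);
    }

    /**
     * Removes one identity provider from all three maps and stops its provider instances.
     *
     * <p>Entries are removed before {@code stop()} is called, and a failing {@code stop()} is
     * only logged, so the id no longer resolves even when shutdown of the instance fails.
     *
     * @param id identity provider id
     */
    private void clearProvider(String id) {
        AuthenticationProvider authenticationProvider = this.providers.remove(id);
        UserProvider userProvider = this.userProviders.remove(id);
        this.identities.remove(id);
        if (authenticationProvider != null) {
            try {
                authenticationProvider.stop();
            } catch (Exception e) {
                logger.error("An error has occurred while stopping the authentication provider : {}", id, e);
            }
        }
        if (userProvider != null) {
            try {
                userProvider.stop();
            } catch (Exception e) {
                logger.error("An error has occurred while stopping the user provider : {}", id, e);
            }
        }
    }

    /**
     * Tells whether the given definition is unknown or newer than the deployed one.
     *
     * @param identityProvider definition read from the repository
     * @return {@code true} when no definition is stored under its id, or the stored one has an
     *     earlier {@code updatedAt}
     */
    private boolean needDeployment(IdentityProvider identityProvider) {
        IdentityProvider deployed = this.identities.get(identityProvider.getId());
        // NOTE(review): assumes updatedAt is never null on either side; confirm.
        return deployed == null || deployed.getUpdatedAt().before(identityProvider.getUpdatedAt());
    }

    /**
     * Redeploys every identity provider whose configuration references the given certificate.
     *
     * @param str certificate id to match against the id extracted from each configuration
     * @return a {@link Completable} that completes when all matching providers are redeployed
     */
    @Override
    public Completable reloadIdentityProvidersWithCertificate(String str) {
        // NOTE(review): findAll() is not restricted to this domain, unlike afterPropertiesSet()
        // and onEvent(). A provider of another domain that references this certificate id would
        // be deployed into this domain's maps, and the log line below would attribute it to
        // this domain. Confirm whether findAll(ReferenceType.DOMAIN, domain.getId()) is meant.
        return Completable.fromPublisher(this.identityProviderRepository.findAll()
                .filter(identityProvider -> OpenIDConnectConfigurationUtils.extractCertificateId(identityProvider.getConfiguration())
                        .map(certificateId -> certificateId.equals(str))
                        .orElse(false))
                .doOnNext(identityProvider -> logger.info("Identity provider id={} from domain {} needs to be reloaded.", identityProvider.getId(), this.domain.getName()))
                .flatMapSingle(this::forceUpdateAuthenticationProvider));
    }
}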
